PT-2018-15341 · Bnmux · Bnmux Bcw710J+2
Capitan Alfalo
·
Published
2018-12-23
·
Updated
2019-10-03
·
CVE-2018-20387
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Bnmux BCW700J version 5.20.7
Bnmux BCW710J version 5.30.6a
Bnmux BCW710J2 version 5.30.16
Description
The issue allows remote attackers to discover credentials via specific SNMP requests, including "iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0" and "iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0".
Recommendations
For Bnmux BCW700J version 5.20.7, restrict access to the SNMP service to minimize the risk of exploitation.
For Bnmux BCW710J version 5.30.6a, consider disabling the SNMP protocol until a patch is available.
For Bnmux BCW710J2 version 5.30.16, avoid using the vulnerable SNMP requests until the issue is resolved.
Exploit
Fix
Insufficiently Protected Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bnmux Bcw700J
Bnmux Bcw710J
Bnmux Bcw710J2